Malware Analysis Report

2024-09-09 13:45

Sample ID 240503-getytaaf25
Target cbcd8ebe30e17658c9ec42de8dbcd1fd8c0a53a9c08ceff66626d1d47de75351.bin
SHA256 cbcd8ebe30e17658c9ec42de8dbcd1fd8c0a53a9c08ceff66626d1d47de75351
Tags octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

cbcd8ebe30e17658c9ec42de8dbcd1fd8c0a53a9c08ceff66626d1d47de75351

Threat Level: Known bad

The file cbcd8ebe30e17658c9ec42de8dbcd1fd8c0a53a9c08ceff66626d1d47de75351.bin was found to be: Known bad.

Malicious Activity Summary

octo banker collection credential_access discovery evasion impact infostealer persistence rat stealth trojan

Octo

Removes its main activity from the application launcher

Requests accessing notifications (often used to intercept notifications before users become aware).

Requests modifying system settings.

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Prevents application removal

Queries the mobile country code (MCC)

Queries the phone number (MSISDN for GSM devices)

Makes use of the framework's foreground persistence service

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests disabling of battery optimizations (often used to enable hiding in the background).

Declares broadcast receivers with permission to handle system events

Declares services with permission to bind to the system

Reads information about phone network operator.

Acquires the wake lock

Queries the unique device ID (IMEI, MEID, IMSI)

Requests dangerous framework permissions

Uses Crypto APIs (Might try to encrypt user data)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-03 05:43

Signatures

Declares broadcast receivers with permission to handle system events

Description | Indicator | Process | Target
Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:48

Platform

android-x86-arm-20240221-en

Max time kernel

43s

Max time network

137s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Prevents application removal

evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Removes its main activity from the application launcher

stealth trojan evasion
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Requests modifying system settings.

evasion
Description | Indicator | Process | Target
Intent action | android.settings.action.MANAGE_WRITE_SETTINGS | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries the unique device ID (IMEI, MEID, IMSI)

discovery

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.nameown12

Network


Files

/data/data/com.nameown12/kl.txt


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:48

Platform

android-x64-20240221-en

Max time kernel

156s

Max time network

149s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A

Prevents application removal

evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.nameown12

Network


Files

/data/data/com.nameown12/kl.txt


/data/data/com.nameown12/.qcom.nameown12


Analysis: behavioral3

Detonation Overview

Submitted

2024-05-03 05:43

Reported

2024-05-03 05:48

Platform

android-x64-arm64-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

com.nameown12

Signatures

Octo

banker trojan infostealer rat octo

Makes use of the framework's Accessibility service

collection evasion credential_access
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A

Prevents application removal

evasion
Description | Indicator | Process | Target
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction | N/A | N/A

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

banker discovery

Requests accessing notifications (often used to intercept notifications before users become aware).

collection credential_access
Description | Indicator | Process | Target
Intent action | android.settings.ACTION_NOTIFICATION_LISTENER_SETTINGS | N/A | N/A

Requests modifying system settings.

evasion
Description | Indicator | Process | Target
Intent action | android.settings.action.MANAGE_WRITE_SETTINGS | N/A | N/A

Makes use of the framework's foreground persistence service

evasion persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Queries the phone number (MSISDN for GSM devices)

discovery

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Reads information about phone network operator.

discovery

Requests disabling of battery optimizations (often used to enable hiding in the background).

evasion
Description | Indicator | Process | Target
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Processes

com.nameown12

Network


Files

/data/user/0/com.nameown12/kl.txt


/data/user/0/com.nameown12/.qcom.nameown12
